Manage device enrollment and setup experience

Manage device enrollment and setup experience

Use the Device Enrollment Program to automatically enroll devices in Profile Manager and manage the setup experience.

You can use the Device Enrollment Program to assign devices to Profile Manager if they’re owned by a business or school and are purchased directly from Apple or a participating Apple Authorized reseller or carrier. This lets you automate device enrollment, wirelessly supervise devices, and skip basic setup steps. If you haven’t already enrolled in the Device Enrollment Program and authorized your server to manage devices, see Device Enrollment Program Help.

Note: Setup Assistant on a Mac can be completed without a network connection. Profile Manager sends a notification when the Mac connects to the appropriate network. The user can decide to accept the enrollment profile or skip enrollment.

Once you use the Device Enrollment Program to authorize your server to manage devices, you can do the following:

  • Force enrollment of an iOS device

  • Prevent unenrollment (Supervised iOS devices only)

  • Require user name and password to complete enrollment

  • Supervise a device (iOS only)

  • Disable pairing of an iOS device to a Mac

  • Disable the specific setup steps listed below:

Step

Device

Location services

iOS and OS X

Set up as new or restore

iOS and OS X

Apple ID

iOS and OS X

Terms and conditions

iOS and OS X

App analytics

iOS and OS X

Move from Android

iOS

Touch ID

iOS

Passcode lock

iOS

Apple Pay

iOS

Siri

iOS

Display zoom

iOS

FileVault

OS X

Registration

OS X

You can specify how the user proceeds through the account setup portion of the OS X Setup Assistant:

  • Create an administrator account: The user creates an administrator account on the Mac.

  • Create a standard account: The user creates a standard account on the Mac. You must also create a managed administrator account.

  • No option to create an account: The user logs in on the Mac using their directory user name and password. You must also create a managed administrator account.

If you create a managed administrator account, you can hide that account in the Users & Groups pane of System Preferences.

Note: Unlike a regular administrator account, a managed administrator account’s password can be changed remotely using a task.

Verify device placeholders

See which devices are assigned to Profile Manager from the Device Enrollment Program.

  1. In the Profile Manager sidebar, click Devices.

    You should see device placeholders assigned to Profile Manager.

  2. Search for specific devices using Search to locate a specific device or set of devices.

    You can also create a new device group and add device placeholders to a device group. For information, see Manage device groups.

Prompt user to enroll device

You can prompt the user to enroll the device during setup. When you select this option, you have additional options that allow more flexibility or control, depending on your user’s requirements. For example, you can force enrollment, so the user can’t advance to the next screen in Setup Assistant without enrolling the device. You can also force supervision on an iOS device, which allows even more configuration options within payloads.

Important: If the device is enrolled in the Device Enrollment Program and supervised, the profile can only be removed using root user privileges. OS X users with administrator privileges can remove a profile at any time.

  1. In the Profile Manager sidebar, click Devices or Device Groups, select the device or group you want to manage then click the Settings tab.

  2. Select Prompt User To Enroll Device and then select from the four other options:

    • Don’t allow user to skip enrollment step

    • Supervise the device (iOS only)

    • Allow pairing of the device with a Mac

    • Require user name and password to complete enrollment and assign the device to the user.

  3. Click Save.

    New devices or devices erased and ready for activation will now adhere to the options you chose during enrollment.

Manage Setup Assistant options

You can restrict which options appear when a new or newly erased device is given to a user.

  1. In the Profile Manager sidebar, click Devices or Device Groups.

  2. Select the device or group, and then click the Settings tab.

  3. Make sure “Prompt user to enroll device” is enabled.

  4. Deselect which setup options you want to hide from the user, then click Save.

    When a user starts up a device and it enrolls in Profile Manager, the only setup options a user will see are those you’ve selected.